[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Newbie OpenLDAP/SSL/Certificates question

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: Newbie OpenLDAP/SSL/Certificates question
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Sat, 11 Sep 2004 17:54:34 +0200
In-reply-to: <200409091704.16885.schampailler@easynet.be>
Organization: Billy
References: <200409091704.16885.schampailler@easynet.be>

tor, 09.09.2004 kl. 17.04 skrev Stefan Champailler:
[...]

> Oh, by the way, the error I can read on the _server_ log is :
> 
> TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not 
> return a certificate s3_srvr.c:1999
> 
> Of course, I understand that using certificates only for local prupose is 
> pointless, except that I just want to learn...

This is what any SSL-enabled server/client (http, LDAP, whatever) will
return when the info requested has been sent *unencrypted*.

> (PS: I've read in this ml policy that one shouldn't post about SSL issues, but 
> because I think my certificates are right, well, you know...)

Nope. Read up on Openssl's s_server and s_client and use those for
testing actual Openssl issues. s_client (always use the very latest
Openssl.org release) is a wonderful tool for testing all SSL client
stuff, including MTAs and IMAP servers - and, naturally ;) Openldap.

--Tonni

-- 
They love us, don't they, They feed us, won't they,
Oh who will think a boy and bear
Could be well accepted everywhere?
It's just amazing how fair people can be

mail: tonye@billy.demon.nl
http://www.billy.demon.nl

Follow-Ups:
- Re: Newbie OpenLDAP/SSL/Certificates question
  - From: Stefan Champailler <schampailler@easynet.be>

References:
- Newbie OpenLDAP/SSL/Certificates question
  - From: Stefan Champailler <schampailler@easynet.be>

Prev by Date: test - please ignore
Next by Date: Re: SSL + Replica
Index(es):
- Chronological
- Thread